On 1/16/2015 3:26 AM, M. Fioretti wrote:
> Greetings,
> 
> I have just "inherited" a postfix 2.6.6 server running on a CentOS 6
> server, whose postconf -n output is pasted below.
> 
> Everything seems fine to me (but of course any pointer to security
> holes, or possibilities for improvement is welcome!) except one
> thing. This server must relay email from only two sources:
> 
> a) messages sent through the local webmail interface
> b) messages coming from another server some.server.com with a fixed
> IP address, xxx.yyy.www.zzz: these are all notification messages
> from cron jobs/shell scripts, for several people
> 
> a) is working perfectly, b) isn't. Every message from
> some.server.com is rejected as follows:
> 
> Jan 16 10:04:41 server postfix/smtpd[11561]: NOQUEUE: reject: RCPT
> from some.server.com[xxx.yyy.www.zzz]: 554 5.7.1
> <some.server.com[212.110.184.219]>: Client host rejected: Access
> denied; from=<apa...@some.server.com> to=<mfiore...@nexaima.net>
> proto=ESMTP helo=<some.server.com>

This indicates a check_client_access table that lists either the
hostname or IP with REJECT.

I don't see any check_client_access tables below.  Are you sure
you're looking at the correct postfix configuration?   Are there
some overrides listed in master.cf?



  -- Noel Jones


> 
> 
> Yes, I **know** it is surely something trivial, but right now I am
> obviously unable to see it. I have done several postfix
> configurations in the past, but this time I seem back to square one...
> 
> What am I missing?
> 
> Thanks in advance,
> Marco
> 
> 
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost
> mydomain = $myhostname
> myhostname = a.mx.example.com
> mynetworks = 127.0.0.0/8, xxx.yyy.www.zzz
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
> relay_domains =
> relayhost =
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = permit_mynetworks,
>     reject_invalid_hostname, reject_non_fqdn_hostname,
>     reject_non_fqdn_sender, reject_non_fqdn_recipient,
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain, permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_unauth_destination,
>     check_helo_access hash:/etc/postfix/reject_own_helo
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = /var/spool/postfix/private/auth
> smtpd_sasl_type = dovecot
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/myssl/mycert.pem
> smtpd_tls_key_file = /etc/myssl/mycert.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_security_level = may
> strict_rfc821_envelopes = yes
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/mail/mymail_storage
> virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
> virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
> virtual_transport = procmail
> virtual_uid_maps = static:5000
> 
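
Added example, not part of either message in this thread: one way to follow up on the master.cf question above is to list every per-service `-o` override that touches smtpd access restrictions, since `postconf -n` reports main.cf only. The function names and the sample master.cf are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find master.cf "-o" overrides that
# change smtpd access restrictions. "postconf -n" reports main.cf only.

# find_overrides [FILE]: print "service/type<TAB>name=value" per match;
# reads stdin when no FILE is given.
find_overrides() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        /^[^ \t]/ { svc = $1 "/" $2 }         # column-1 text starts a new service
        {                                     # continuation lines keep the last svc
            for (i = 1; i < NF; i++)
                if ($i == "-o" &&
                    $(i+1) ~ /^smtpd_[a-z_]*restrictions=|check_[a-z_]*access/)
                    printf "%s\t%s\n", svc, $(i+1)
        }
    ' "$@"
}

# Constructed sample master.cf; the addresses and overrides are illustrative.
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
192.0.2.25:2525 inet n  -       n       -       -       smtpd -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
}

# Demo on the sample; on a real host: find_overrides /etc/postfix/master.cf
sample_master_cf | find_overrides
```

Any service it prints has its own restriction list, so a client connecting to that port is judged by the override rather than by the main.cf value shown in `postconf -n`.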
